Supply Chain Component Provenance

In manufacturing supply chains, "recorded" and "untampered" are entirely different problems. Records are carried on paper certificates and Excel traceability tables; tampering is discovered only after the fact.

Specifically, current operations exhibit four structural defects:

• Circulation of forged certificates: In the aerospace, medical device, and semiconductor industries, forgery and copy circulation of supplier certificates (FAA Form 8130-3, EASA Form 1, medical device UDI certificates, etc.) are continuously documented.
• Double circulation of the same lot: The same lot number is counted across multiple final products, causing traceability to logically collapse.
• Out-of-spec infiltration at intermediate tiers: "As-cast" components treated as "machined," or grade-inconsistent materials mixed in — such cases are difficult to detect under paper-based operations.
• Delayed impact scope identification during recalls: Weeks pass between defect discovery and identification of affected component lots, during which the components continue to be used downstream.

Furthermore, as autonomous procurement agents are adopted, the absence of means for agents to verify component authenticity in real-time before confirming orders threatens the safety of the agent economy itself. Agents can only trust "the documents that arrived" — if those documents are forged, autonomy becomes vulnerability.

Provenance is recorded. The problem is that what is recorded is not cryptographically proven to be authentic.

Major aerospace component manufacturer Company M supplies precision bearings and hydraulic components to Western airframers. In the aerospace industry, all safety-critical components require FAA Form 8130-3 or EASA Form 1 certification, with complete traceability from manufacture to disposal.

Company M's upstream spans 4 tiers:

• Tier-1: Company M (final machining, quality assurance)
• Tier-2: Steel and specialty alloy manufacturers
• Tier-3: Specialty alloy smelters
• Tier-4: Nickel and cobalt raw material trading companies

Each tier conveys component provenance via paper certificates and Excel traceability tables. Company M's quality assurance department has 10 engineers consumed by normalizing different supplier formats and visually inspecting certificate authenticity.

In August 2026, an airline reports abnormal bearing wear on the same aircraft type. Root cause analysis and component recall are urgent. Company M begins cross-referencing two years of shipping ledgers against upstream supplier certificates to identify potentially affected lots. Estimated completion: 3 weeks.

During those 3 weeks, bearings from the same series continue operating across multiple aircraft models.

With Lemma, each tier's component attributes would be encrypted with issuer signatures, forming a cryptographic chain traceable upstream. Each attribute contains:

• Manufacturing lot number and timestamp
• Cryptographic binding to upstream raw material and component lots
• Quality inspection results at each process step and inspection body signatures
• Process executor (manufacturer, inspection body) issuer signatures

Company M's autonomous procurement agent cryptographically verifies component authenticity and traceability before confirming orders. Upon receipt, incoming inspection confirms the cryptographic provenance chain rather than paper certificates.

At recall time, affected lots and their downstream products are identified in seconds from the cryptographic provenance chain. The airframer independently confirms that components originate from a legitimate multi-tier chain — without being disclosed Company M's supplier names or contract terms. FAA and EASA auditors perform cryptographic verification rather than reviewing bundles of paper documents.

Safety is assured while supplier trade secrets remain protected.

Lemma's four cryptographic layers correspond to the component provenance lifecycle in multi-tier supply chains.

1. ENCRYPT — Per-Process Sealing of Records

Records generated at each manufacturing and inspection process (production logs, inspection results, material certificates, captured images) are encrypted with AES-GCM at the moment the process step is completed. Originals remain under the process executor's control. Only component ID, docHash, and attribute proofs are passed upstream.

2. PROVE — ZK Proofs of Component Identity

On a ZK circuit, the integrity of four elements is sealed as a proof: (a) component ID, (b) binding to upstream lots, (c) passage evidence for each process step, (d) inspection-passed attributes. Confidential information such as supplier identifiers, contract terms, yield rates, and defect rates is not included in the proofs.

3. DISCLOSE — Stakeholder-Specific Selective Disclosure

Different recipients receive different attributes. The final customer (airframer) receives component ID plus certificate-equivalent attributes; regulatory authorities (FAA, EASA) receive the full provenance chain; recall response teams receive rapid extraction of impact scope only; third-party auditors receive the complete cryptographic audit trail — all delivered with issuer signatures, tamper-proof.

4. PROVENANCE — Multi-Tier Permanent Chain

Each tier's attributes are cryptographically bound to the upstream tier's attributes. Starting from the final component, the provenance chain traces back through Tier-1→Tier-2→Tier-3→Tier-4 as a permanent record. At recall time, downstream impact scope can be instantly extracted starting from the defective lot. If attributes are updated or revoked at any tier, integrity is reflected in downstream proofs.

┌──────────────────────────────────────────────────────────┐
│  Tier-4: Nickel and cobalt raw material trading companies │
│  → Raw material lot attributes encrypted with signature   │
└───────────────────────┬──────────────────────────────────┘
                        │ Signed raw material attributes
                        ▼
┌──────────────────────────────────────────────────────────┐
│  Tier-3: Specialty alloy smelters                         │
│  → Cryptographically bind Tier-4 attributes + own records │
│  → Generate alloy-lot-level attribute proofs              │
└───────────────────────┬──────────────────────────────────┘
                        │ Chained attribute proofs
                        ▼
┌──────────────────────────────────────────────────────────┐
│  Tier-2: Steel and specialty alloy manufacturers          │
│  → Bind Tier-3 attributes + own machining/inspection      │
│  → Component ID + docHash + inspection-passed attributes  │
└───────────────────────┬──────────────────────────────────┘
                        │ Chained component attributes
                        ▼
┌──────────────────────────────────────────────────────────┐
│  Tier-1: Company M (final machining, quality assurance)   │
│  PROVE: ZK proof of component identity                    │
│  DISCLOSE:                                               │
│    Airframer → component ID + certificate-equivalent      │
│    FAA/EASA → full provenance chain                       │
│    Recall response → rapid impact scope extraction        │
│    Auditor → complete cryptographic audit trail           │
└───────────────────────┬──────────────────────────────────┘
                        │ Disclosed proofs
                        ▼
┌──────────────────────────────────────────────────────────┐
│  PROVENANCE (On-chain)                                   │
│  All tier attribute anchors                               │
│  → Defective lot as starting point → instant downstream   │
│    impact extraction                                      │
│  → Updates/revocations auto-propagate to downstream proofs│
└──────────────────────────────────────────────────────────┘

Lemma cryptographically guarantees the following facts in supply chain component provenance:

• Issuer and manufacturing timestamp for each production lot
• Cryptographic binding to upstream raw material and component lots
• Inspection results and inspection body signatures at each process step
• Identity — absence of counterfeit components and copied certificates
• Structural absence of double circulation
• Instant identification of impact scope at recall time
• Pre-order verification capability for autonomous procurement agents
• Non-disclosure of supplier names, contract terms, and yield rates
• Independent verification by regulatory authorities (FAA, EASA, PMDA, etc.)

Supply Chain ESG — CBAM, EUDR, DPP Compliance

Declared ≠ proven

A P4 complement on the same multi-tier supply chain structure, guaranteeing ESG regulatory attributes (carbon emissions, country of origin, labor conditions). Provenance (this page) covers physical identity; ESG covers regulatory attributes. Operated as a pair, the entire manufacturing supply chain is cryptographically sealed.

View use case →

DeFi Bridge Verification — Pre-Execution Authentication

Cryptographically valid ≠ semantically right

A complement within the same Pillar (P1). Physical component provenance and crypto-asset provenance are structurally isomorphic. The same problem — "asset origin is not cryptographically verified" — applied to finance rather than manufacturing.

View use case →

Delegated Treasury — Agent Authority Delegation

Authorized ≠ attested

When autonomous procurement agents source components from suppliers within a corporation's authority. Combined with the component verification from this page, a dual cryptographic fact is established: "an authorized agent ordered a component with verified provenance."

View use case →